Lucene search

1057 matches found

OSSF Malicious Packages
added 2026/06/15 3:9 p.m., 11 views

Malicious code in vault-strategies (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b7037d9efc65a0885cc000a92c46ea9bed2097d02c8fb2883ceaa3eb2fd5eeb On npm install, the package's preinstall hook preinstall: node postinstall.js || true executes postinstall.js, which enumerates process.env and filte...

5.2 AI score
Exploits: 0, References: 1
OSV
added 2026/06/15 3:9 p.m., 8 views

MAL-2026-5783 Malicious code in vault-strategies (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b7037d9efc65a0885cc000a92c46ea9bed2097d02c8fb2883ceaa3eb2fd5eeb On npm install, the package's preinstall hook preinstall: node postinstall.js || true executes postinstall.js, which enumerates process.env and filte...

5.3 AI score
Exploits: 0, References: 1
GithubExploit
added 2026/06/14 6:53 a.m., 82 views

wannacry-soc-lab

WannaCry SOC Investigation Lab Overview This project simu...

5.4 AI score
Exploits: 0
Packet Storm News
added 2026/06/09 12:0 a.m., 5 views

When Discovery Outpaces Remediation: Modeling AI-Accelerated Vulnerability Discovery in Interconnected Systems

Advanced AI systems for code analysis, binary analysis, fuzzing orchestration, and penetration-test planning may significantly increase the rate at which latent vulnerabilities are discovered. While improved discovery can benefit defenders, it can also overload remediation pipelines and accelerate...

5.6 AI score
Exploits: 0
Packet Storm News
added 2026/06/09 12:0 a.m., 6 views

Evaluating and Combating the Impact of Concept Drift on the Performance of Machine Learning-Based Phishing Detection Systems

The expansion of the digital domain has resulted in a substantial increase in digital communication, with email emerging as one of the most prominent channels. The proliferation of email communication is apparent in both professional and personal contexts, thereby creating numerous vulnerabilitie...

5.5 AI score
Exploits: 0
Packet Storm News
added 2026/06/08 12:0 a.m., 8 views

Steganography without Modification: Hidden Communication Via LLM Seeds

We demonstrate that widely deployed Large Language Model (LLM) inference stacks harbor a steganographic channel that requires no modification to model weights, sampling code, or output distributions. The channel exploits a structural property of deterministic decoding: pseudo-random number generato...

5.5 AI score
Exploits: 0
Packet Storm News
added 2026/06/08 12:0 a.m., 5 views

Unveiling Privacy Risks in Multi-Modal Large Language Models: Task-Specific Vulnerabilities and Mitigation Challenges

Privacy risks in text-only Large Language Models (LLMs) are well studied, particularly their tendency to memorize and leak sensitive information. However, Multi-modal Large Language Models (MLLMs), which process both text and images, introduce unique privacy challenges that remain underexplored...

5.5 AI score
Exploits: 0
RedhatCVE
added 2026/06/05 7:40 p.m., 6 views

CVE-2025-40904

A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remo...

6.5 CVSS, 5.6 AI score, 0.00186 EPSS
Exploits: 0, References: 1
Packet Storm News
added 2026/06/05 12:0 a.m., 17 views

Beyond Pass/Fail: Using Process Mining to Understand How LLMs Resist (And Fail) Red Team Attacks

Standard AI red teaming evaluations reduce adversarial campaigns to a single binary outcome, attack success rate (ASR), not taking into account the sequential structure of how models resist or yield to attacks. We propose applying process mining, a discipline for discovering and analyzing process...

5.4 AI score
Exploits: 0
Packet Storm News
added 2026/06/04 12:0 a.m., 23 views

Credential Disclosure in (EU) Digital Identity Wallets: Privacy Risks and Practical Mitigations

The European Union will introduce the EUDI Wallet by late 2026, which allows users to hold digital credentials (i.e., representations of physical official identity documents) on their devices. This will allow users to securely and privately disclose identity attributes to websites. Although such a...

5.5 AI score
Exploits: 0
Packet Storm News
added 2026/06/04 12:0 a.m., 17 views

Steering LLM Viewpoints through Fabricated Evidence Injection

As chatbots increasingly influence daily decision-making, their potential to produce misleading responses poses substantial risks to users. This paper investigates a critical cognitive vulnerability in LLMs: their tendency to uncritically trust external context when presented with fabricated...

5.6 AI score
Exploits: 0
Packet Storm News
added 2026/06/03 12:0 a.m., 6 views

TeleHunt: A Framework and Tool for Efficient Cybercriminal Community Discovery on Telegram

This paper presents TeleHunt, a framework and tool for evaluating the effectiveness of different strategies to discover cybercriminal communities on Telegram. TeleHunt employs a set of reference-driven snowballing strategies, integrating message-level classification, contextual filtering, and...

5.8 AI score
Exploits: 0
Packet Storm News
added 2026/06/03 12:0 a.m., 20 views

Description-Code Inconsistency in Real-World MCP Servers: Measurement, Detection, and Security Implications

The Model Context Protocol (MCP) has emerged as a critical standard empowering Large Language Models (LLMs) to utilize external tools. In this ecosystem, LLMs rely on natural language descriptions provided by MCP servers to select and execute functions. This interaction implicitly assumes that tool...

6 AI score
Exploits: 0
Packet Storm News
added 2026/05/30 12:0 a.m., 17 views

Quality-Diversity Evolution for Discovering Diverse Vulnerabilities in LLM Safety

Current approaches to LLM adversarial testing suffer from coverage gaps: manual red-teaming does not scale, LLM-as-attacker methods exhibit mode collapse, and gradient-based approaches produce uninterpretable gibberish. We introduce a quality-diversity evolutionary framework that operates at the...

5.8 AI score
Exploits: 0
Packet Storm News
added 2026/05/29 12:0 a.m., 9 views

R+R: Reassessing Java Security API Misuse in Current LLMs: A Replication on JCA and JSSE APIs with External Security Knowledge

The misuse of Java security APIs is a serious security problem in software development. Research in 2024 has shown that this problem is widespread in LLM-generated code. However, it remains unclear whether this phenomenon persists in current models and how external security knowledge affects it...

5.9 AI score
Exploits: 0
Packet Storm News
added 2026/05/22 12:0 a.m., 11 views

An Empirical Evaluation of LLM-Generated Code Security across Prompting Methods

The growing use of Large Language Models (LLMs) for automated code generation has enhanced software development efficiency, but often at the cost of security. Generated code frequently overlooks critical concerns, leaving it vulnerable to issues such as weak encryption and improper input validation...

5.9 AI score
Exploits: 0
Packet Storm News
added 2026/05/21 12:0 a.m., 10 views

From Preventive to Reactive: How AI Coding Assistants Transform Developers' Security Awareness

AI coding assistants are now central to professional software development, yet their impact on how developers think about and practice security remains poorly understood. While prior work has documented vulnerability rates in AI-generated code, a more fundamental question persists: how do these...

5.9 AI score
Exploits: 0
NVD
added 2026/05/19 2:16 p.m., 19 views

CVE-2025-40904

A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remo...

6.5 CVSS, 0.00186 EPSS
Exploits: 0, References: 2
Cvelist
added 2026/05/19 1:23 p.m., 38 views

CVE-2025-40904 HTML injection in Smart Polling in Guardian/CMC before 26.1.0

A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remo...

6.5 CVSS, 0.00186 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/05/19 1:23 p.m., 5 views

CVE-2025-40904

A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remo...

6.5 CVSS, 5.8 AI score, 0.00186 EPSS
Exploits: 0, References: 2